lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 11 Nov 2020 10:06:20 +0100 From: David Hildenbrand <david@...hat.com> To: Michal Hocko <mhocko@...e.com> Cc: linux-kernel@...r.kernel.org, linux-mm@...ck.org, Andrew Morton <akpm@...ux-foundation.org>, Alexander Potapenko <glider@...gle.com>, Mike Kravetz <mike.kravetz@...cle.com>, Vlastimil Babka <vbabka@...e.cz>, Mike Rapoport <rppt@...ux.ibm.com>, Oscar Salvador <osalvador@...e.de>, Kees Cook <keescook@...omium.org>, Michael Ellerman <mpe@...erman.id.au> Subject: Re: [PATCH v1] mm/page_alloc: clear pages in alloc_contig_pages() with init_on_alloc=1 or __GFP_ZERO On 11.11.20 09:47, Michal Hocko wrote: > On Tue 10-11-20 20:32:40, David Hildenbrand wrote: >> commit 6471384af2a6 ("mm: security: introduce init_on_alloc=1 and >> init_on_free=1 boot options") resulted with init_on_alloc=1 in all pages >> leaving the buddy via alloc_pages() and friends to be >> initialized/cleared/zeroed on allocation. >> >> However, the same logic is currently not applied to >> alloc_contig_pages(): allocated pages leaving the buddy aren't cleared >> with init_on_alloc=1 and init_on_free=0. Let's also properly clear >> pages on that allocation path and add support for __GFP_ZERO. > > AFAIR we do not have any user for __GFP_ZERO right? Not that this is Sorry, I had extended information under "---" but accidentally regenerated the patch before sending it out. __GFP_ZERO is not used yet. It's intended to be used in https://lkml.kernel.org/r/20201029162718.29910-1-david@redhat.com and I can move that change into a separate patch if desired. > harmful but it is better to call that explicitly because a missing > implementation would be a real problem and as such a bug fix. > > I am also not sure handling init_on_free at the higher level is good. > As we have discussed recently the primary point of this feature is to > add clearing at very few well defined entry points rather than spill it over > many places. In this case the entry point for the allocator is > __isolate_free_page which removes pages from the page allocator. I > haven't checked how much this is used elsewhere but I would expect > init_on_alloc to be handled there. Well, this is the entry point to our range allocator, which lives in page_alloc.c - used by actual high-level allocators (CMA, gigantic pages, etc). It's just a matter of taste where we want to have that handling exactly inside our allocator. isolate_freepages_range()->split_map_pages() does the post_alloc_hook call. As we certainly don't want to zero pages during compaction, we could either pass the gfp_mask/"bool clear" down to that functions and handle it in there, or handle it in isolate_freepages_range(), after the ->split_map_pages() call. Whatever you prefer. Thanks! -- Thanks, David / dhildenb
Powered by blists - more mailing lists